Installing Qtap on EC2
The environment setup described in this guide involves configuring two separate EC2 instances within AWS: one as an API Client and the other as a Qtap Proxy Server. The API Client EC2 instance is tailored for making API requests, while the Qtap Proxy EC2 instance is configured to act as a gateway for these requests.
Prerequisites:
EC2 Key Pair: Generate or use an existing EC2 key pair for SSH access.
Proxy Security Group: Configure a security group with inbound rules allowing traffic on port 10080
Client Security Group: Configure a security group which can reach the Proxy Security Group
API Token: Obtain an API token from QPoint for authentication.
Qtap Proxy Installation Steps
Launch Proxy EC2 Instance
AMI Selection: Choose Amazon Linux 2 AMI.
Instance Type: Select an appropriate instance type (e.g.,
t2.small).Configure Instance: Attach the created proxy security group.
Launch: Select your key pair and launch the instance.
SSH into the EC2 Instance
Connect to your instance using SSH:
ssh -i /path/to/key.pem ec2-user@<EC2-instance-public-IP>
Install Docker onto EC2
Update packages:
sudo yum update -yInstall Docker:
sudo amazon-linux-extras install dockerStart Docker service:
sudo service docker startAdd
ec2-userto the Docker group to execute Docker commands withoutsudo:sudo usermod -a -G docker ec2-userReconnect or log out and back in again to re-evaluate group membership.
Run Qtap API Proxy Docker Container
Replace {API-TOKEN} with your actual API token.
API Client Installation Steps
Launch EC2 Instance
AMI Selection: Choose Amazon Linux 2 AMI.
Instance Type: Select an appropriate instance type (e.g.,
t2.small).Configure Instance: Ensure networking is configured so the client can reach the Proxy Server.
Launch: Select your key pair and launch the instance.
SSH into the EC2 Instance
Connect to your instance using SSH:
ssh -i /path/to/key.pem ec2-user@<EC2-instance-public-IP>
Install Certificate on the Client
Certificate Installation: Install the provided certificate on the client issuing requests. This usually involves importing the certificate into the client's trust store or configuring it within the application making the requests. For example:
Move the Certificate: Move the certificate to an appropriate directory. For system-wide use,
/etc/pki/tls/certsis common. For user-specific use, a directory within the user's home directory can be chosen.Update Permissions: Set the appropriate permissions for the certificate file. For example:
Update CA Trust Store (if necessary): If the certificate needs to be recognized as a trusted CA, update the CA trust store.
First, update the CA trust configuration:
Then, copy the certificate to the CA trust source directory and update the trust store:
Setting up the HTTPS_PROXY Environment Variable
Set the Environment Variable: You need to set the
HTTPS_PROXYenvironment variable to route HTTPS requests through the Qtap API Proxy. This can be done using the export command in your shell. Assuming the proxy is running on the proxy EC2 instance and listening on port 10080, the command would be:Verify the Variable: To ensure that the
HTTPS_PROXYvariable is set correctly, use theechocommand:
Testing the Setup with curl
Basic curl Command: Test the proxy setup with a simple HTTP request using
curl. Replacehttp://example.comwith a valid URL you want to test:The
-vflag is for verbose output, which helps in understanding the request and response flow through the proxy.Check SSL/TLS Communication: If you need to test HTTPS traffic, use an HTTPS URL. The Qtap API Proxy should handle the SSL/TLS termination:
Troubleshooting: If you encounter issues, the verbose output from
curlwill provide insights. Common problems could be related to network connectivity, SSL/TLS certificate issues, or misconfigurations in the proxy setup.Persisting the Environment Variable: If you want the
HTTPS_PROXYsetting to persist across sessions, add theexportcommand to your user's shell profile, like~/.bash_profileor~/.bashrc.
Last updated